landing-report
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive shell operations for environment setup, session tracking, and project analysis. It executes local binaries and scripts located within the user's home directory (`~/.claude/skills/gstack/bin/`).
- [DYNAMIC_EXECUTION]: The preamble uses `eval` and `source` to load environment variables and configuration states dynamically from the output of local scripts like `gstack-slug` and `gstack-repo-mode`.
- [DATA_EXFILTRATION]: The skill includes functionality for usage telemetry and cross-machine session syncing via GBrain. Telemetry logs data to local files and remote endpoints, while GBrain can synchronize session artifacts to a private GitHub repository. These capabilities are gated by explicit user prompts and require opt-in consent before activation.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted content from the local project and external repository metadata to populate its dashboard.
  - Ingestion points: Project files like `VERSION` and `CLAUDE.md`, as well as metadata retrieved via `git` and `gh` CLI tools (e.g., PR titles, branch names).
  - Boundary markers: External data is rendered directly into a console-based dashboard without the use of specific boundary delimiters.
  - Capability inventory: The skill has access to the `Bash` tool and can perform file system reads and remote repository queries via standard CLI utilities.
  - Sanitization: Content extracted from repository files and PR data is parsed using `jq` and `cat` for display without explicit sanitization or filtering of potential embedded instructions.
Audit Metadata